Legal · v0.1 Draft

Privacy Policy

Effective date: [DATE] · Last updated: [DATE]
Controller: RavenCoreX LLC, a Florida limited liability company ("RavenCoreX," "we," "us").
Offices: [Address], Florida, USA · [Address], Buenos Aires, Argentina.
Privacy contact: privacy@ravencorex.com (placeholder — confirm).

Draft v0.1 — pending legal review. This is a working draft prepared to accelerate counsel review (US/Florida + Argentina). It is not legal advice and is not yet legally binding. Bracketed [...] items need confirmation. The Spanish version will be published alongside the English one before going live.

1. Scope

This Policy explains how we collect, use, and share personal information across: (a) our website (ravencorex.com), (b) our SaaS products — CoreWhapp, NotarIA, DataMetricX, LKMind (the "Products"), and (c) messaging data we process on behalf of business customers (e.g., WhatsApp conversations via CoreWhapp). Where we process personal data on behalf of a business customer (for example, their end-customers' WhatsApp messages), we act as a processor / "encargado de tratamiento," and that customer is the controller; this Policy then describes our practices as processor and is supplemented by the customer agreement / Data Processing Addendum (DPA).

2. Information we collect

a. Website / marketing. Name, email, company, and message you submit (contact forms, newsletter, audit requests, demo bookings); newsletter preferences; and limited technical/usage data (IP, device/browser, pages viewed) via cookies and analytics (see §8).

b. Product accounts. Account details (name, work email, company, role, password credentials managed by our auth provider), billing contact and subscription data (payment is handled by our payment processor — we do not store full card numbers), configuration you provide, and product usage/telemetry (logins, features used, logs for security and support).

c. Content & messaging data. Documents, knowledge bases, catalogs, prices, and policies you upload to train or operate a Product; and conversation data processed through the Products — including WhatsApp, web chat, email, or voice/audio messages between you (or your end-customers) and the AI agents — together with metadata (timestamps, phone numbers/handles, channel). For CoreWhapp specifically, this may include your end-customers' personal data contained in their messages.

d. From third parties / integrations. Data from systems you connect (CRM, ERP, calendars, e-commerce, cloud billing, messaging providers) strictly to provide the service you configured.

We do not intentionally collect special-category/sensitive data through the marketing site. Where a Product may process sensitive data (e.g., NotarIA legal documents, or health-adjacent messages in CoreWhapp), that processing is governed by the customer agreement and the customer is responsible for its lawful basis and notices to data subjects.

3. How we use information

  • Provide, operate, secure, and improve the website and Products.
  • Respond to inquiries, bookings, and support.
  • Send service messages and — with consent where required — marketing/newsletter emails (opt-out anytime).
  • Billing and account administration.
  • Train/operate your AI agents on your content for your instance. We do not use your content or your end-customers' conversation data to train foundation/base models, and we do not sell personal information. [Confirm any aggregated/anonymized analytics use.]
  • Detect and prevent fraud, abuse, and security incidents; comply with law.

4. Legal bases (Argentina Ley 25.326 / GDPR-style framing)

We rely on: your consent (newsletter, certain cookies); performance of a contract (providing the Products/services); legitimate interests (securing and improving services, B2B communications) balanced against your rights; and legal obligations. Under Argentina's Ley 25.326 (Protección de Datos Personales), processing is based on consent or applicable legal exceptions; international transfers follow §7.

5. How we share

  • Service providers / sub-processors (hosting on Google Cloud, payment processor, email/CRM, analytics, messaging API providers) under contract, only to provide the service. A current sub-processor list is available at [link].
  • Business customers' instructions when we act as processor.
  • Legal/safety disclosures when required by law or to protect rights and security.
  • Business transfers (merger/acquisition) with notice as required.

We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising. [Confirm.]

6. AI processing & WhatsApp specifics

Conversations may be processed by AI models to understand intent and generate replies/actions. For CoreWhapp, messaging flows through the WhatsApp Business API and Meta's processing applies to message transport; our processing is limited to operating your configured agent. Businesses using CoreWhapp must (a) have a lawful basis to message their end-customers, (b) provide required notices, and (c) honor opt-outs. We provide controls for retention and human handoff.

7. International transfers

We operate in the US and Argentina and use providers in multiple regions. Transfers (including US↔Argentina↔EU) use appropriate safeguards (e.g., contractual clauses) where required by Ley 25.326 or GDPR. [Confirm mechanisms with counsel.]

8. Cookies & analytics

We use strictly necessary cookies plus, with consent, analytics/performance cookies. Our cookie banner lets you reject non-essential cookies by default. Details in our Cookies Policy [link].

9. Data retention

We keep personal data only as long as needed for the purposes above or as required by law/contract. Product content and conversation data are retained per your configuration and the customer agreement; on account closure we delete or return data within [period] subject to legal holds. [Confirm periods.]

10. Your rights

Depending on your location you may have rights to access, rectify, delete, object to, or restrict processing, to data portability, and to withdraw consent. In Argentina you may also contact the Agencia de Acceso a la Información Pública (AAIP). To exercise rights, email privacy@ravencorex.com; we respond within the time required by applicable law. Where we act as processor, we will route your request to the relevant business customer (controller).

11. Security

We use technical and organizational measures appropriate to the risk (encryption in transit, access controls, least-privilege, logging, vendor due diligence on Google Cloud). No system is perfectly secure; we maintain an incident-response process and will notify as required by law.

12. Children

The website and Products are not directed to children under 18 [confirm threshold]; we do not knowingly collect their data. If a Product is used to message minors, the business customer is responsible for lawful basis and parental consent where required.

13. Changes

We may update this Policy; we'll post the new date and, for material changes, provide prominent notice.

14. Contact

privacy@ravencorex.com (placeholder) · RavenCoreX LLC, [Florida address]. Argentina data-subject inquiries: [AR contact].

Drafting notes for counsel: confirm controller/processor split per Product; finalize sub-processor list, retention periods, transfer mechanisms, sale/sharing statements (US state laws), child age threshold, and AAIP registration obligations under Ley 25.326. Ensure the Spanish version is the controlling text for Argentine data subjects if required.